From owner-freebsd-security Thu Jun 10 19:23:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cantor.boolean.net (cantor.boolean.net [209.133.111.73]) by hub.freebsd.org (Postfix) with ESMTP id 4E57914DEF for ; Thu, 10 Jun 1999 19:23:10 -0700 (PDT) (envelope-from Kurt@OpenLDAP.Org)
Received: from gypsy (localhost [127.0.0.1]) by cantor.boolean.net (8.9.2/8.9.1) with SMTP id CAA17459; Fri, 11 Jun 1999 02:22:22 GMT (envelope-from Kurt@OpenLDAP.Org)
Message-Id: <3.0.5.32.19990610191916.0096a6f0@localhost>
X-Sender: guru@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 10 Jun 1999 19:19:16 -0700
To: Bill Swingle
From: "Kurt D. Zeilenga"
Subject: Re: ports and applications
Cc: Nick Rogness, Gregory Carvalho, "freebsd-security@FreeBSD.ORG"
In-Reply-To: <19990610170151.D843@dub.net>
References: <375F7453.77C0F526@stcinc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:01 PM 6/10/99 -0700, Bill Swingle wrote:
>On Thu, Jun 10, 1999 at 03:07:39PM -0600, Nick Rogness wrote:
>> On Thu, 10 Jun 1999, Gregory Carvalho wrote:
>>
>> > Using ipfw I am allowing port 80 through the wall (could you imagine if
>> > I denied the good people of Gotham their web fix). Suppose I deny
>> > telnet, but some external server has its telnet server configured for
>> > port 80. Is there a method to prevent the telnet session from operating?
>>
>> Why would anyone run telnet on port 80?
>>
>> Is this an incoming or outgoing telnet session? I'm assuming
>> outgoing telnet sessions. The only thing I can think of is running
>> the machines through a proxy server.
>
>Once, while working for a rather fascist employer that denied outgoing
>connections on ports 22/23 I set up telnet, then later sshd, on port 80
>on my home machine. The employers couldn't do without their web access
>it seems :) I think this is what the original writer is trying to avoid.

We're actually running a public CVS server on port 443 (https) so
that users behind firewalls can get at our source. It's hard to
proxy https, which makes it a much better tunneling port than 80 (http).

Kurt
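
The thread's point is that a port number says nothing about the protocol spoken on it, which is why the suggested control is a proxy rather than an ipfw rule. As an added example (not part of the original messages), here is a first-payload check of the kind an application-layer gateway performs; the `EXPECTED` policy, the sample flows and the use of the CVS pserver greeting are assumptions.

```python
import re

# First-payload signatures. Inspecting the opening bytes of a TCP stream is
# the application-layer test a proxy can apply and a port filter cannot.
HTTP_REQ = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/\d\.\d\r?\n")
HTTP_RESP = re.compile(rb"^HTTP/\d\.\d \d{3}")
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-")

# Protocols a site would expect on each allowed port (assumed policy).
EXPECTED = {80: {"http"}, 443: {"tls"}}


def classify(payload: bytes) -> str:
    """Guess the protocol from the first bytes of a TCP stream."""
    if HTTP_REQ.match(payload) or HTTP_RESP.match(payload):
        return "http"
    if SSH_BANNER.match(payload):
        return "ssh"
    # Telnet option negotiation: IAC (0xFF) then WILL/WONT/DO/DONT (0xFB-0xFE).
    if len(payload) >= 3 and payload[0] == 0xFF and 0xFB <= payload[1] <= 0xFE:
        return "telnet"
    # SSLv3/TLS record: type 22 (handshake), major version 3, then a
    # handshake type of ClientHello (1) or ServerHello (2).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] in (1, 2):
        return "tls"
    # CVS pserver clients open with this line (assumed access method).
    if payload.startswith(b"BEGIN AUTH REQUEST\n"):
        return "cvs-pserver"
    return "unknown"


def mismatches(flows):
    """Return (dst_port, protocol) for flows whose content does not fit the port."""
    seen = ((port, classify(data)) for port, data in flows)
    return [(p, proto) for p, proto in seen if p in EXPECTED and proto not in EXPECTED[p]]


# Constructed sample flows: (destination port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    (80, b"\xff\xfd\x18\xff\xfd\x20"),                # telnet: IAC DO ...
    (80, b"SSH-1.5-1.2.27\n"),
    (443, b"\x16\x03\x00\x00\x2f\x01\x00\x00\x2b"),   # SSLv3 ClientHello header
    (443, b"BEGIN AUTH REQUEST\n/cvsroot\nanonymous\n"),
]

if __name__ == "__main__":
    for port, proto in mismatches(SAMPLE_FLOWS):
        print(f"port {port}: saw {proto}, expected {sorted(EXPECTED[port])}")
```

A session wrapped inside real TLS still classifies as `tls`, so this check only catches cleartext protocols moved onto an allowed port.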